This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

sd_ecb_block_encrypt Results in HardFault

I'm attempting to send a time sync message in a mesh packet. When I construct the packet during it's timeslot (for timing determinism) the system faults during encryption. When I perform the same system calls outside of a timeslot there is no issue. How can I still send my time sync messages reliably, and still be able to encrypt them?

Setup
nRF52840-DK
SDK v16.0.0
Mesh v4.0.0
S140 v7.0.1

Location
Utah

  • [[emoticon:f6c7d4baae8142629c254340948d5383]] Option 1: Using CCM Peripheral (NOT VIABLE)

    If you take a look at the screenshot of the call stack above, the function calls imply that the encryption will be performed with the CCM peripheral, which is fine (it can ONLY be used during a timeslot), but the functions lead to a Softdevice call using the ECB peripheral instead which is not allowed to be used during a timeslot.

    enc_aes_ccm_encrypt() is a Mesh API function taken from mesh/core/include/enc.h

    W̵h̵a̵t̵ ̵m̵u̵s̵t̵ ̵b̵e̵ ̵d̵o̵n̵e̵ ̵t̵o̵ ̵m̵a̵k̵e̵ ̵t̵h̵i̵s̵ ̵f̵u̵n̵c̵t̵i̵o̵n̵ ̵u̵s̵e̵ ̵t̵h̵e̵ ̵c̵o̵r̵r̵e̵c̵t̵ ̵p̵e̵r̵i̵p̵h̵e̵r̵a̵l̵ ̵(̵C̵C̵M̵)̵?̵ ̵O̵r̵ ̵h̵o̵w̵ ̵c̵a̵n̵ ̵I̵ ̵g̵e̵t̵ ̵a̵r̵o̵u̵n̵d̵ ̵i̵t̵ ̵a̵n̵d̵ ̵u̵s̵e̵ ̵t̵h̵e̵ ̵C̵C̵M̵ ̵m̵y̵s̵e̵l̵f̵ ̵i̵n̵s̵t̵e̵a̵d̵?̵ ̵

    Thanks in advance! Looking forward to your response.

  • Since the TransMIC and NetMIC must be a either 32 bit (4 byte) or 64 bit (8 byte) the CCM peripheral and its 4 byte MIC are not compatible for both cases. enc_aes_ccm_encrypt() applies CCM in software and uses the ECB peripheral for the AES core.

  • [ Ballot box with check] Option 2: Using CC310 AEAD CCM

    Since the CCM peripheral doesn't support 64 bit MAC/MIC, and the Softdevice S140 restricts ECB during timeslots, and the CC310 is open during softdevice activity, it looks like this is the route to take. I will update with progress as I go forward.

  • This proved to be the most effective method and I am now sending sync packets as I wish. To obfuscate the net header, CC310 AES ECB must be used also.

Related